Hendro Sasongko¹⁾, Rochman Marota²⁾

Economic Faculty, Pakuan University, Bogor, West Java, Indonesia

ABSTRACT

Organizations and corporations have an obligation to provide certain assurances reporting for their stakeholders. There are a number of assurance providers that either directly or indirectly to guide them over the effectiveness of the controls that mitigate the risks as identified during the risks assessment process. Combined assurance reporting model is applied to provide a coordinated approach to all assurances activities covered from management, internal assurance providers, and external assurance providers.

A governance operating model, developed by Deloitte, is the mechanism used by the board and management to translate the elements of the governance framework and policies into practices, procedures, and job responsibilities within the corporate governance infrastructure. This model has the potential approaches and could be adapted to the needs of combined assurance reporting and thus enhance assurance provider’s ability to implement this need and to exercise proper oversight.

This paper presents an exploratory and descriptive research for enterprise governance operating model that may be suitable for corporates, governments and regulators to discuss the characteristics of such a model and elements that might be included, potential benefits, and development and implementation of combined assurance reporting. At the end of this study should be followed by qualitative research that takes a sample of public sector organizations and the entity with public accountability to exploring the usefulness of this model.

Keywords: assurance reporting; combined assurance; governance operating model; enterprises governance operating

_____________________________________

*) presented in 1^stComparative Asia Africa Governmental Accounting Conference, November 16-17, 2016, Jakarta, Indonesia

Correspondence email:

1hendrosgk@gmail.com 2rochmanmarota@yahoo.com

INTRODUCTION Why Combined Assurance Reporting?

Could we integrating and aligning assurance processes in increasingly complex organizations?

The senior management, internal audit and supervisory committees should obtain a comprehensive, holistic view of the effectiveness of their organization’s governance, risks, and controls to enable them to set priorities and take any necessary actions. Deloitte has noted the 3 (three) main drivers familiar to senior management have likely intensified the need for improved organization’s governance: the growth imperative, organizational size and complexity, and regulatory change.

• Growth must continue. Customers, investors, and the public recognize that a sound, robust, competitive main sector is a key component of a healthy economy. Customers want products and services, and investors want returns; meanwhile, regulators and the public want accountability, responsibility, safety, and soundness in institutions and the financial system. Balancing these desires calls for companies that can grow within the purview of sound governance.

•Size and complexity are permanent. For the largest firms, global reach is a reality, as is complexity of products, markets, and regulations. Given this, boards should consider reliable methods of enabling executives and managers to implement governance.

• Regulations have proliferated. In response to the financial turbulence of the past years, many regulatory agencies and advisory groups have issued guidance relevant to board governance. Yet regulatory change and lapses in governance are likely to continue. This indicates a potential need to extend the governance process deeper into the organization.

These drivers, according to Deloitte, have likely shaped regulators’ and other stakeholders’ expectations in the following ways:

• The board’s governance role includes responsibility for reviewing corporate strategies, shaping the culture, setting the tone at the top, and promulgating the organization’s vision, values, and core beliefs.

• The board is expected to oversee senior management’s collective ownership and individual accountability for regulatory compliance and risk management.

• The board should attain enough visibility into business operations, processes, and risks to understand the risks management is taking and how they are being managed.

• The board is accountable for all aspects of governance, including:

– Decision-making authority that codifies who is responsible for making key decisions;

– Organizational structures that define and clarify responsibilities for operational, control, and reporting processes; and

– Organizational design that is understood by managers, employees, and external stakeholders.

These drivers showed us why the organizations and corporations have an obligation to provide certain assurances reporting for their stakeholders. Thus, the senior management, the audit committee as well us external auditor, provide each assurance reporting based on their interest and point of views.

Are these assurance reports should be combined and why? Roos (2012) confirmed this needs of combine assurance reporting from King Code of Governance for South Africa 2009 (Institute of Directors in Southern Africa), knowns as King III. King III defines combined assurance as “integrating and aligning assurance processes in an organization to maximize risk and governance oversight and control efficiencies, and optimize overall assurance to the audit and risk committee, considering the organization’s risk appetite”. All organizations should strive to become more efficient and effective.

Assurance functions need to be planned and coordinated in such a manner as to contribute to efficiency and effectiveness by eliminating duplication but without compromising the high quality of assurance services. The objectives of combined assurance are to reduce duplications in assurance processes and to prevent any risks and key controls from being missed by assurance.

Key Point

Having “one language, one voice, one view” will benefit all by supporting progress toward the full realization of a company’s objectives and strategy.

(The IIA Research Foundation, 2015)

INTRODUCING A GOVERNANCE OPERATING MODEL:

FROM FRAMEWORK TO OPERATING

PwC noted that the key of success for combined assurance reporting would be applied by the top-down approach as shown in below figure 1.

Figure 1: Top-Down Approach

This approach guided us to realize that there should be the mechanisms and interaction points by which governance and assurance will be implemented. It enables the board and the executive leadership—as appropriate to their roles and responsibilities—to organize these mechanisms and points of interaction across the organization’s business lines, legal entities, and jurisdictions. The Deloitte Governance Framework (see figure 2) was developed to help boards and executives assess their organizations’

governance and assurance programs. Whether the board and management adopt or develop a governance framework, it articulates the various elements of the governance program, clarifies the governance roles of the board and management, and illustrates an appropriate relationship between governance, risk management, and organizational culture.

Figure 2: Deloitte Governance Framework

Deloitte governance framework has been transformatted to governance operating model. This model may contribute to solving the common problem of “management by memo” in governance and assurance. It is rarely enough for the board or management simply to articulate principles and issue policies, no matter how clearly and forcefully they do so. They should also see to it that people have the understanding, motivation, and means to implement them, and that they do so. As shown in figure 3, the governance operating model consists of four major components:

• Structure, which includes organization design and reporting structure, committee structures and charters, and control and support function interdependencies.

•Oversight responsibilities, which define board oversight responsibilities, committee and management responsibilities, accountability matrices, and management hiring and firing authority.

• Talent and culture, which enable the behaviors and activities required for effective governance by establishing compensation policies (particularly regarding incentives), promotion policies, business and operating principles, performance measurement and management, training, and leadership and talent development programs.

• Infrastructure, which comprises governance and risk oversight policies and procedures, reports, measures and metrics, and management capabilities, and the enabling IT and communications support.

Figure 3: Illustrative for Deloitte Governance Operating Model Components STRUCTURE

Organizational design and reporting structure

Performance management and

incentives Board oversight

responsibilitiesand

Management accountability and authority

Committee(s) authorities and responsibilities Committee(s)

structure and charters

TALENT AND CULTURE OVERSIGHT RESPONSIBILITIES

INFRASTRUCTURE

Technology Reporting and

communication Policies and

procedures

Business and operating principles

Leadership development and

talent programs

Within these components, some of the key aspects of an effective governance operating model to be addressed will include:

Board oversight and responsibilities

The board carries out oversight responsibility across the organization in areas such as business and risk strategy, organization, financial soundness, and regulatory compliance. In this regard, the governance operating model should help the board to:

• Articulate the skills and knowledge it requires to effectively execute its oversight responsibilities, and to assess its composition against those needs.

• Engage management in providing the information the board requires to exercise governance and risk oversight.

• Advise management on policies that ultimately influence the manner in which governance is conducted.

• Understand governance activities that occur at various levels within the organization, and support management in its efforts to enhance program efficiency, and effectiveness.

Committee authorities and responsibilities

Effective board committee and management committee structures can help define the number, terms, and qualifications of members, committee responsibilities, reporting and escalation mechanisms, and ways in which board and management committees will interact. For example, for a management committee, the model could:

• Include committee charters that define the committee's responsibilities and addresses linkages between the committee, the broader executive team, and the board of directors.

• Define the types of decisions, investments, events, risks, and other items that should come to the committee’s attention (and, when applicable, thresholds or amounts).

• Delineate methods of escalating and reporting significant matters to the appropriate person or committee.

Organizational design and reporting structure

A clear, comprehensive organizational structure normally defines reporting lines for decision making, risk management, financial and regulatory reporting, public disclosures, and crisis preparedness and response. In an enterprise governance operating model, the organizational structure could enable executive management to:

• Establish the independence and authority of the control functions of compliance, risk, legal, finance, and audit.

• Define a process of overseeing the spectrum of risks across all regions and businesses, including strategic, operational, market, credit, liquidity, legal, compliance, property, IT, reputational, and other risks.

• Maintain a governance structure that is understandable to internal employees and external stakeholders.

Management accountability and authority

Well-understood authority and accountability for key responsibilities are needed at all levels and in all areas of the organization. A sound governance operating model could:

• Balance global and regional strategies by delineating the authority and accountability for key roles and specifying a process for resolving or escalating disagreements.

• Balance the decision-making authority of business units against that of risk managers, such that risk tolerances and exposure limits are set and observed and risk managers have the authority to challenge those who are taking the risks.

• Define clear decision rights such that people understand the authority—and the limits of the authority—associated with their positions.

• Provide direction to control functions to assist overseers in determining that businesses are managed within appropriate limits on both global and regional bases.

Performance management and incentives

Goals, performance measures, compensation, and incentives should reflect an organization’s overall commitment to governance as well as principles of asset preservation and risk taking for reward. In this area, the model should help the board to:

• Establish performance objectives that balance asset preservation and risk taking in the pursuit of value creation.

• Align incentives to reflect a balance between asset preservation and risk taking.

• Specify qualifications and performance evaluations that establish and reinforce the desired corporate culture and tone at the top.

IMPLICATION TO COMBINED ASSURANCE REPORTING

According to The IIA Research Foundation, there are multiple benefits to implementing combined assurance, including:

1. One voice and taxonomy across all governance bodies and functions in the organization;

2. Efficiency in collecting and reporting information;

3. Common view of risks and issues across the organization; and 4. More effective governance, risk, and control oversight.

The well-prepared organization would get benefit from an effective governance operating model to conduct combined assurance reporting in the following ways:

• Improved clarity: The board and management face the challenge of translating governance principles into practices. The governance operating model could provide a vehicle for the board and its committees to address this challenge by clearly defining the roles, responsibilities, accountabilities, information flows, and guidelines that people need in order to implement governance.

 Greater visibility: To fulfill its governance responsibilities, the board should have clear lines of sight into management’s decision-making and risk-management processes. In the governance operating model, the board could establish those lines of sight, for example, by stating the types and amounts of investments and transactions and the risk exposures that should come to its attention.

• Improved coordination: Addressing the complexity inherent in governance of multiple businesses across a global organization requires coordinated action. It also entails balancing considerations regarding centralization versus decentralization and considering local business, customer, compliance, legal, and other stakeholder needs—which the model should be able to address.

• Increased effectiveness: A model that specifies the information that the board and its committees require—and from whom, how often, and under what circumstances they will receive that information—may assist the board in executing governance more effectively.